Labs 1, 2, 3, 5 and 6 edits (#45)

* refactory in lab5

* lab6 updates

* lab1 updates

* lab1 updates

* updated command for fetching self public IP

Author: sdutta9

labs/lab1/media/azure-icon.png

@@ -8,7 +8,7 @@ In this lab, you will be adding and configuring the Azure components needed for
 
 NGINX aaS for Azure |
 :-------------------------:|
-![NGINX aaS](media/nginx-azure-icon.png) 
+![NGINX aaS](media/nginx-azure-icon.png)|
 
 <br/>
 
@@ -36,7 +36,6 @@ By the end of the lab you will be able to:
 <br/>
 
 ![lab1 diagram](media/lab1_diagram.png)
-Lab1 Diagram
 
 <br/>
 
@@ -65,7 +64,7 @@ Lab1 Diagram
    az group create --name s.dutta-workshop --location centralus
    ```
 
-2. Make sure the new Azure Resource Group has been created by running below command.
+1. Make sure the new Azure Resource Group has been created by running below command.
 
    ```bash
    az group list -o table | grep workshop
@@ -76,7 +75,6 @@ Lab1 Diagram
 ### Setup your Azure Virtual Network, Subnets and Network Security Group
 
 ![lab1 Networks](media/lab1_azure-network.png)
-Lab1 Vnet/Subnets
 
 You will create an Azure Vnet for this Workshop.  Inside of this Vnet are 4 different subnets, representing various backend networks for Azure resources like Nginx for Azure, VMs, and Kubernetes clusters.
 
@@ -94,7 +92,7 @@ aks2-subnet | 172.16.20.0/23 | AKS Cluster #2
     ```bash
     ## Set environment variables
     export MY_RESOURCEGROUP=s.dutta-workshop
-    export MY_PUBLICIP=$(curl -4 ifconfig.co)
+    export MY_PUBLICIP=$(curl ipinfo.io/ip)
     ```
 
     ```bash
@@ -226,6 +224,8 @@ aks2-subnet | 172.16.20.0/23 | AKS Cluster #2
     }
     ```
 
+    > **NOTE:** Within the output json you should have a `"provisioningState": "Succeeded"` field which validates the command successfully provisioned the resource.
+
 4. Create a subnet that you will use with NGINX for Azure resource. You will also attach the NSG that you just created to this subnet.
 
     ```bash
@@ -271,6 +271,8 @@ aks2-subnet | 172.16.20.0/23 | AKS Cluster #2
     }
     ```
 
+    > **NOTE:** Within the output json you should have a `"provisioningState": "Succeeded"` field which validates the command successfully provisioned the resource.
+
 5. In similar fashion create three more subnets that would be used with docker virtual machines and AKS clusters in later labs.
 
     ```bash
@@ -303,7 +305,6 @@ aks2-subnet | 172.16.20.0/23 | AKS Cluster #2
 Your completed Vnet/Subnets should look similar to this:
 
 ![lab1 Azure Subnets](media/lab1_azure-subnets.png)
-Lab1 Vnet/Subnets
 
 <br/>
 
@@ -347,6 +348,8 @@ Lab1 Vnet/Subnets
     }
     ```
 
+    > **NOTE:** Within the output json you should have a `"provisioningState": "Succeeded"` field which validates the command successfully provisioned the resource.
+
 1. Create a user assigned managed identity that would be tied to the NGINX for Azure resource. This managed identity would be used to read certificates and keys from Azure key vault in later labs.
 
    ```bash
@@ -391,15 +394,17 @@ Lab1 Vnet/Subnets
     --name nginx4a \
     --sku name="standard_Monthly" \
     --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/$MY_SUBSCRIPTIONID/resourceGroups/$MY_RESOURCEGROUP/providers/Microsoft.Network/publicIPAddresses/n4a-publicIP}]}" network-interface-configuration="{subnet-id:/subscriptions/$MY_SUBSCRIPTIONID/resourceGroups/$MY_RESOURCEGROUP/providers/Microsoft.Network/virtualNetworks/n4a-vnet/subnets/n4a-subnet}" \
-    --identity="{type:UserAssigned,userAssignedIdentities:{/subscriptions/$MY_SUBSCRIPTIONID/resourceGroups/$MY_RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/n4a-useridentity:{}}}"
+    --identity="{type:'SystemAssigned, UserAssigned',userAssignedIdentities:{/subscriptions/$MY_SUBSCRIPTIONID/resourceGroups/$MY_RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/n4a-useridentity:{}}}"
     ```
 
     ```bash
     ##Sample Output##
     {
         "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/s.dutta-workshop/providers/Nginx.NginxPlus/nginxDeployments/nginx4a",
         "identity": {
-            "type": "UserAssigned",
+            "principalId": "xxxx-xxxx-xxxx-xxxx-xxxx",
+            "tenantId": "xxxx-xxxx-xxxx-xxxx-xxxx",
+            "type": "SystemAssigned, UserAssigned",
             "userAssignedIdentities": {
                 "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/s.dutta-workshop/providers/Microsoft.ManagedIdentity/userAssignedIdentities/n4a-useridentity": {
                     "clientId": "xxxx-xxxx-xxxx-xxxx-xxxx",
@@ -456,56 +461,11 @@ Lab1 Vnet/Subnets
 
 <br/>
 
-### Explore Nginx for Azure
-
-<br/>
-
-NGINX as a Service for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. NGINXaaS for Azure is available in the Azure Marketplace.
-
-NGINXaaS for Azure is powered by NGINX Plus, which extends NGINX Open Source with advanced functionality and provides customers with a complete application delivery solution. Initial use cases covered by NGINXaaS include L4 TCP and L7 HTTP load balancing and reverse proxy which can be managed through various Azure management tools. NGINXaaS allows you to provision distinct deployments as per your business or technical requirements.
-
-In this section you will be looking at NGINX for Azure resource that you created within Azure portal.
-
-1. Open Azure portal within your browser and then open your resource group.
-   ![Portal ResourceGroup home](media/portal_rg_home.png)
-
-2. Click on your NGINX for Azure resource (nginx4a) which should open the Overview section of your resource. You can see useful information like Status, NGINX for Azure resource's public IP, which Nginx version is running, which vnet/subnet it is using, etc.
-   ![Portal N4A home](media/portal_n4a_home.png)
-
-3. From the left pane click on `NGINX Configuration`. As you are opening this resource for first time and you do not have any configuration present, Azure will prompt you to "Get started with a Configuration example". Click on `Populate now` button to start with a sample configuration example.
-   ![nginx conf populate](media/nginx_conf_populate.png)
-
-4. Once you click on the `Populate now` button you will see the configuration editor section has been populated with `nginx.conf` and an `index.html` page. Click on the `Submit` button to deploy this sample config files to the NGINX for Azure resource.
-   ![nginx conf editor](media/nginx_conf_editor.png)
-
-5. Once you have submitted the configuration, you can watch its progress in the notification tab present in right top corner. Intially status would be "Updating NGINX configuration" which would change to "Updated NGINX configuration successfully".
-   ![nginx conf submit success](media/nginx_conf_submit_success.png)
-
-6. Navigate back to Overview section and copy the public IP address of NGINX for Azure resource.
-
-7. In a new browser window, paste the public IP into the address bar. You will notice the sample index page gets rendered into your browser.
-   ![n4a Index Page](media/n4a_index_page.png)
-
-8. This completes the validation of all the resources that you created using Azure CLI. In the upcoming labs you would be modifying the configuration files and exploring various features of NGINX for Azure resources.
-
-<br/>
-
 ### Create Log Analytics workspace to collect NGINX error and Access logs from NGINX for azure
 
 In this section you will create a Log Analytics resource that would collect Nginx logs from your Nginx for Azure resource. As this resource takes time to get provisioned and attached to NGINX for Azure resource, you are building it up here.
 
-1. Within the NGINX for Azure resource (nginx4a), navigate to managed identity section by clicking on `Identity` from the left menu. Within this section, inside the `System assigned` tab, enable system managed identity by changing the status to `on`. Click on `Save` to save your changes. Press `Yes` within the "Enable system assigned managed identity" prompt.
-    ![Enable System Identity](media/enable_system_identity.png)
-
-2. If you open up the Notifications pane, you should see a success status as shown below.
-   ![Enable system Identity success](media/enable_system_identity_success.png)
-
-3. Now go back to your terminal and create a Log Analytics workspace resource that you will attach to NGINX for Azure using Azure CLI. This resource would be used to capture and store NGINX error and access logs. Use below command to create this resource.
-
-    ```bash
-    ## Set environment variables
-    export MY_RESOURCEGROUP=s.dutta-workshop
-    ```
+1. Create a Log Analytics workspace resource that you will attach to NGINX for Azure using Azure CLI. This resource would be used to capture and store NGINX error and access logs. Use below command to create this resource.
 
     ```bash
     az monitor log-analytics workspace create \
@@ -545,7 +505,7 @@ In this section you will create a Log Analytics resource that would collect Ngin
 
      > **NOTE:** Within the output json you should have a `"provisioningState": "Succeeded"` field which validates the command successfully provisioned the resource.
 
-4. Next you will update your NGINX for Azure resource to enable sending metrics to Azure monitor by setting the `--enable-diagnostics` flag to `true` using below command.
+2. Next you will update your NGINX for Azure resource to enable sending metrics to Azure monitor by setting the `--enable-diagnostics` flag to `true` using below command.
 
     ```bash
     az nginx deployment update \
@@ -584,7 +544,7 @@ In this section you will create a Log Analytics resource that would collect Ngin
     }
     ```
 
-5. The last step that you need to perform to start collecting NGINX logs is to create an Azure diagnostic settings resource that will stream the NGINX logs to the log-analytics workspace that you created in previous step. Run below commands to create this resource.
+3. The last step that you need to perform to start collecting NGINX logs is to create an Azure diagnostic settings resource that will stream the NGINX logs to the log-analytics workspace that you created in previous step. Run below commands to create this resource.
 
     ```bash
     ## Set environment variables
@@ -632,7 +592,49 @@ In this section you will create a Log Analytics resource that would collect Ngin
     }
     ```
 
-6. In upcoming labs, you will explore and learn more about NGINX logs and make use of these resources that you built in this section.
+4. In upcoming labs, you will explore and learn more about NGINX logs and make use of these resources that you built in this section.
+
+<br/>
+
+### Explore Nginx for Azure
+
+<br/>
+
+NGINX as a Service for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. NGINXaaS for Azure is available in the Azure Marketplace.
+
+NGINXaaS for Azure is powered by NGINX Plus, which extends NGINX Open Source with advanced functionality and provides customers with a complete application delivery solution. Initial use cases covered by NGINXaaS include L4 TCP and L7 HTTP load balancing and reverse proxy which can be managed through various Azure management tools. NGINXaaS allows you to provision distinct deployments as per your business or technical requirements.
+
+In this section you will be looking at NGINX for Azure resource that you created within Azure portal.
+
+1. Open Azure portal within your browser and then open your resource group.
+
+   ![Portal ResourceGroup home](media/lab1_portal_rg_home.png)
+
+2. Click on your NGINX for Azure resource (nginx4a) which should open the Overview section of your resource. You can see useful information like Status, NGINX for Azure resource's public IP, which Nginx version is running, which vnet/subnet it is using, etc.
+
+   ![Portal N4A home](media/lab1_portal_n4a_home.png)
+
+3. From the left pane click on `Settings > NGINX Configuration`. As you are opening this resource for first time and you do not have any configuration present, Azure will prompt you to "Get started with a Configuration example". Click on `Populate now` button to start with a sample configuration example.
+
+    ![nginx conf populate](media/lab1_nginx_conf_populate.png)
+
+4. Once you click on the `Populate now` button you will see the configuration editor section has been populated with `nginx.conf` and an `index.html` page. Click on the `Submit` button to deploy this sample config files to the NGINX for Azure resource.
+
+    ![nginx conf editor](media/lab1_nginx_conf_editor.png)
+
+5. Once you have submitted the configuration, you can watch its progress in the notification tab present in right top corner. Intially status would be "Updating NGINX configuration" which would change to "Updated NGINX configuration successfully".
+
+    ![nginx conf submit success](media/lab1_nginx_conf_submit_success.png)
+
+6. Navigate back to Overview section and copy the public IP address of NGINX for Azure resource.
+
+    ![Copy IP Address](media/lab1_copy_ip_address.png)
+
+7. In a new browser window, paste the public IP into the address bar. You will notice the sample index page gets rendered into your browser.
+
+    ![n4a Index Page](media/lab1_n4a_index_page.png)
+
+8. This completes the validation of all the resources that you created using Azure CLI. In the upcoming labs you would be modifying the configuration files and exploring various features of NGINX for Azure resources.
 
 <br/>
 

labs/lab1/media/enable_system_identity.png

@@ -105,7 +105,7 @@ By the end of the lab you will be able to:
 
     ```bash
     ##Set environment variable
-    export MY_PUBLICIP=$(curl -4 ifconfig.co)
+    export MY_PUBLICIP=$(curl ipinfo.io/ip)
     ```
 
     ```bash
@@ -561,7 +561,7 @@ Similar to how you deployed an Ubuntu VM, you will now deploy a Windows VM.
 
     ```bash
     ##Set environment variable
-    export MY_PUBLICIP=$(curl -4 ifconfig.co)
+    export MY_PUBLICIP=$(curl ipinfo.io/ip)
     ```
 
     ```bash

labs/lab1/media/enable_system_identity_success.png

@@ -823,7 +823,7 @@ So why use ports 9001 and 9002 for the NIC Dashboards?  Will this work on port 8
    ```bash
    ## Set environment variables
    export MY_RESOURCEGROUP=s.dutta-workshop
-   export MY_PUBLICIP=$(curl -4 ifconfig.co)
+   export MY_PUBLICIP=$(curl ipinfo.io/ip)
    ```
 
    ```bash  

labs/lab1/media/lab1_copy_ip_address.png

@@ -139,7 +139,7 @@ Submit your Nginx Configuration. If you have the Server name:port correct, Nginx
 
 In order for Nginx 4 Azure and Nginx Ingress to work correctly, the HTTP Host Headers, and perhaps other headers, will need to be passed. This is done by changing the HTTP Version to 1.1, so that the Host Header can be included.
 
-1. Inspect the `lab5/includes/keepalive.conf`. This is where the HTTP Protocol and Headers are set for proxied traffic. This is a common requirement so it is shared among all the different Nginx configurations.
+1. Inspect the `lab5/keepalive.conf`. This is where the HTTP Protocol and Headers are set for proxied traffic. This is a common requirement so it is shared among all the different Nginx configurations.
 
     Using the Nginx for Azure console, create a new file, `/etc/nginx/includes/keepalive.conf`.  Use the example provided, just copy/paste.
 
@@ -309,7 +309,7 @@ Now that you have these new Nginx Upstream blocks created, you can test them.
 
     You can also see this list, using the Nginx Plus Dashboard for the Ingress Controller, check the HTTP Upstreams Tab as before, you should see the Pod IPs for both the coffee-svc and tea-svc.
 
-    ![Cafe NIC Upstreams](media/lab5_cafe-nic-upstreams.png)
+    ![Cafe NIC Upstreams](media/lab5_cafe-nic1-upstreams.png)
 
 1.  **Loadtest Time!**  While you are in the Nginx Ingress Dashboard watching the coffee upstreams, throw some load at them using WRK HTTP Load tool.
 
@@ -444,14 +444,17 @@ You built and used different CNIs and subnets so that you can see the difference
 Platform | Docker | AKS1 | AKS2
 :--------------:|:--------------:|:-----------------:|:-----------------:
 Network Type | Docker | Kubenet | Azure CNI
-IP Subnet | 172.18.x.y | 172.16.10.y | 172.16.20.y
+POD IP Subnet | 172.18.x.y | 10.244.x.y | 172.16.20.y
 
+AKS1 Pod Network | AKS2 Pod Network 
+:--------------:|:--------------:
+![aks1-kubenet](media/lab5_aks1-kubenet.png) | ![aks2-azurecni](media/lab5_aks2-azurecni.png)
 
 You can also see this list, using the Nginx Plus Dashboard for the Ingress Controller in AKS2 - check the HTTP Upstreams, you should see the Pod IPs for both the coffee-svc and tea-svc.
 
 ![Cafe NIC2 Upstreams](media/lab5_cafe-nic2-upstreams.png)
 
-1.  **Loadtest Time!**  While you are in the Nginx Ingress Dashboard watching the coffee upstreams, throw some load at them:
+1. **Loadtest Time!**  While you are in the Nginx Ingress Dashboard watching the coffee upstreams, throw some load at them:
 
     Using your local Docker Desktop, you will start and run the WRK loadtest from a container. Try this for a 1 minute loadtest:
 
@@ -822,7 +825,7 @@ In this exerices, you will use Nginx for Azure to expose the `Redis Leader Servi
     ```bash
     ## Set environment variables
     export MY_RESOURCEGROUP=c.akker-workshop
-    export MY_PUBLICIP=$(curl -4 ifconfig.co)
+    export MY_PUBLICIP=$(curl ipinfo.io/ip)
     ```
 
     Use Azure CLI to add a new Rule for Redis.